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Final Rejection 
Response to Amendment 

1. Applicant's arguments/amendments with respect to amended claims 1, 20, 37, and 
54, added claims 56-64, and presently pending claims 1-64, filed on April 1 1, 2005 have 
been fully considered but they are not persuasive. The examiner would like to point out 
that this action is made final (MPEP 706.07a). 

2. The examiner accepts the amended claim 53. 

Response to Arguments 

3 . Applicant argues that: 

a. Independent claims 1, 20, 37, and 54 are not taught by Bugnion to include 
''providing one or more computer services for a plurality of customers, or setting 
up at the request of each of said customers at least one virtual machine for each 
of said customers, the at least one virtual machine for each of said customers 
having a specification specified by the respective customer, " (page 1 3 par. 2). 

b. The references, whether alone or in combination, fail to support 'Uhe concept 
of creating plural virtual machines on a real computer in which at least one 
virtual machine is set up for each of the customers, each of those virtual machines 
having specification that is specified, by the respective customer. And the 
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combination of Derks with Bugnion do not support the present obviousness 
rejection'* (page 1 par. 5, page 13 par. 2, and page 15 par. 2). 

c. Dependent claims 2-19, 21-36, 38-53, and 55-64 are allowable based upon 
their dependency on allowable claims 1, 20, 37, and 54 (page 15 par. 4). 

However, Examiner disagrees with applicant. 

Regarding argument (a), Argument is not persuasive. Bugnion teaches a 
combination of innovative emulation of the Direct Memory Access engine and 
standard distributed file system protocols to support a global buffer catch that is 
transparently shared across all virtual machines (col. 7 lines 42-46, col. 8 lines 56- 
65, and col. 6 lines 6-36), operating system allows applications to explicitly share 
memory region across virtual machine boundaries and server contains interface to 
setup these shared regions to allow processes running on multiple virtual 
machines to share memory (col. 5 lines 1-13), and the at least one virtual machine 
for each of said customers having a specification specified by the respective 
customer (col. 5 lines 1-13, and col. 8 lines 56-66). 

Regarding argument (b), Argument is not persuasive. Bugnion discloses a 
software is written and executed on a real computer to create virtual computers 
(col. 12 lines 13-38). Two different virtual processors of the same virtual machine 
logically read-share the same physical page, but each virtual processor accesses a 
local copy (col. 13 lines 52-60) and a software layer between a multiprocessor 
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hardware layer and multiple virtual machines that run independent operating 
systems and application programs (col. 7 lines 55-58, and col. 8 lines 56-65), and 
a virtual machine having a specification specified by the customer (Bugnion col. 
14 lines 1-64). Derks discloses set up request of each of said customers to set up 
virtual connections (Derks col. 5 lines 16-55, and col. 3 lines 7-12). And 
sufficient motivation to combine Derks within the system of Bugnion is provided 
on page 3 of the office action. 

Regarding argument (c), examiner disagrees with applicant. Based on the 
arguments set forth by the examiner for arguments (a) and (b), the dependent 
claims stand rejected. 

The examiner is not trying to teach the invention but is merely trying to interpret 
the claim language in its broadest and reasonable meaning. Therefore, the 
examiner asserts that the system of the prior art, Bugnion does teach or suggest 
the subject matter as recited in independent claims 1, 20, 37, and 54. Dependent 
claims 2-19, 21-36, 38-53, and 55-64 are also rejected at least by virtue of their 
dependency on independent claims and by other reason set forth in this office 
action dated July 28, 2005. Accordingly, rejections for claims 1-64 are 
respectfully maintained. 



Claim Rejections - 35 USC §102 
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4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) tlie invention was described in (1) an application for patent, published under section 122(b), by anotlier 
filed in the United States before the invention by the applicant for patent or (2) a patent granted on an 
application for patent by another filed in tlie United States before the invention by the apphcant for patent, 
except tliat an international application filed under the treaty defined in section 351(a) shall have the effects 
for purposes of this subsection of an application filed in the United States only if tlie international 
application designated tlie United States and was published under Article 21(2) of such treaty in the English 
language. 

5. Claims 37-39, 45-46, 48, 53, and 62-64 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Devine et al. (Devine, Patent No.: US 6,397,242 Bl). 

As per claim 37, Devine teaches a method of operating a real computer on behalf of 
plural customers, the method comprising the step of: 

operating plural virtual machines on the real computer (Devine fig. 7 and col. 25 
lines 2-23), each of said plural virtual machines having a specification specified by and 
configurable by a respective one of the customers in accordance with a computer service 
to be provided by the virtual machine on behalf of that customer (Devine col. 24 lines 26- 
58), each of said virtual machines having an operating system running thereon (Devine 
col. 24 lines 26-58, col 7 lines 18-32, col. 8 Unes 31-31, and col. 2 lines 37-41). 

As per claim 38, Devine teaches apparatus or method, wherein plural virtual machines 
are set up within the real computer for at least one of said customers (col. 24 lines 1 8-26). 
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As per claim 39, Devine teaches a method, comprising the step of operating a virtual 
network for at least one of said customers within the real computer, or each virtual 
machine for said at least one customer being connected to said virtual network (fig. 7 no. 
710 and 120). 

As per claim 45, Devine teaches apparatus or a method, comprising a plurality of real 
data storage devices and at least one virtual storage subsystem that is configured to allow 
said real data storage devices to emulate one or more virtual storage devices (Devine col. 
2 lines 37-43, and col. 10 lines 16-23), 

As per claim 46, Devine teaches apparatus or a method, wherein the at least one virtual 
storage subsystem is configured to emulate at least one respective virtual storage device 
for each customer (Devine col. 2 lines 37-43, and col. 10 hnes 16-23). 

As per claim 48, Devine teaches apparatus or a method, wherein the apparatus is 
configurable to provide at least one of the services selected from: file, data and archiving 
services; applications hosting services; database hosting services; data warehouse 
services; knowledge management hosting services; digital media production services; 
"intellectual property" and streaming media services; simple web hosting services; 
complex e-commerce web hosting services; high performance computation services; 
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electronic messaging and conferencing services; and, learning neuro- computer services 
(Devine col. 24 lines 39-51). 

As per claim 53, Devine teaches a method, comprising the step of moving said at least 
one virtual machine from a first real computer to a second real computer (col. 24 lines 
27-58). 

As per claim 62, Devine teaches an apparatus/method, wherein at least one of said virtual 
machines is created using a virtual machine abstraction program (col, 24 lines 26-58, and 
col. 25 lines 25-45). 

As per claim 63, Devine teaches an apparatus/method wherein at least one of said virtual 
machines provides at least a virtual central processor unit (col. 5 lines 12-19). 

As per claim 64, Devine teaches an apparatus/method, wherein at least one of said virtual 
machines is created using machine simulation/emulation software (col. 2 lines 64-col. 3 
lines 16). 



Claim Rejections - 35 USC § 103 
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6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained Uiough tlie invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such Uiat tlie subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

7. Claims 40-44, 47, and 49-52 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Devine et al. (Devine, Patent No.: US 6,397,242 Bl) in view of 
Bowman-Amuah (Bowman, US Patent Number 6,697,824 Bl). 

As per claim 40, Devine teach all the subject matter as described above. 

Devine does not expUcitly teach apparatus or a method, comprising a virtual 
intrusion detection device for detecting an attack on the virtual network. 

However Bowman teaches a virtual intrusion detection device for detecting an 
attack on the virtual network (Bowman Col. 75 lines 63-col. 76 lines 37). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to employ the teachings of Bowman within the system of 
Devine because it would allow to audit services and identify vulnerabilities (Bowman 
Col. 75 Unes 63-col. 76 lines 37). 

As per claim 41, Devine and Bowman teach all the subject matter as described above. In 
addition Bowman teaches apparatus or a method, wherein at least one virtual machine is 
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connected to a virtual firewall (Bowman Fig. 36 Number 3604) that is connectable to an 
external network to which customers and/or other users can connect such that access to 
said at least one virtual machine by a customer or other user via a said external network 
can only take place through a virtual firewall (Bowman Fig. 36, and col. 75 lines 63-col. 
76 lines 37). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to employ the teachings of Bowman within the system of 
Devine because it would allow to control access at entry points into both the network and 
the customer location, and restrict access to more sensitive servers on the internal 
network, web pages, files, and directories (Bowman Col. 76 hnes 19-36). 

As per claim 42, Devine and Bowman teach all the subject matter as described above. In 
addition Bowman teaches apparatus or a method, wherein the or each virtual machine for 
a particular customer is connected to a virtual firewall that is dedicated to that customer's 
virtual machine or machines, each virtual firewall being connectable to an external 
network to which each of said customers and/or other users can connect such that access 
to a virtual machine by a customer or other user via a said external network can only take 
place through a virtual firewall provided for that virtual machine or machines (Bowman 
Fig. 36, and col. 75 lines 63-col. 76 lines 37). The rational for combining are the same as 
claim 41 above. 
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As per claim 43, Devine and Bowman teach all the subject matter as described above. In 
addition Devine teaches setup within the real computer (col. 1 1 hnes 34-47), and 

Bowman teaches apparatus or a method, wherein each virtual firewall is set up 
within the real computer (Bowman Col. 75 lines 63-col. 76 lines 5), the or each virtual 
machine for each customer being connected to a first port of the virtual firewall (Bowman 
Fig. 36 No. 3604) that is dedicated to that customer's virtual machine or machines,' each 
virtual firewall having a second port connected to a virtual network (Bowman Fig. 36 No. 
3604) that is set up within the real computer and that is connectable to an external 
network (Bowman Col. 75 lines 63-col. 76 lines 37, and Fig. 36). The rational for 
combining are the same as claim 41 above. 

As per claim 44, Devine and Bowman teach all the subject matter as described above. In 
addition Bowman teaches apparatus or a method, wherein the second port of each virtual 
firewall (Bowman Fig. 36 No. 3604) is connected to the same virtual network that is set 
up within the real computer and that is connectable to an external network (Bowman Fig, 
36 No. 3604, and Internet Dial-up). The rational for combining are the same as claim 41 
above. 

As per claim 47, Devine and Bowman teach all the subject matter as described above. In 
addition Bowman teaches apparatus or a method, comprising a detection device for 
detecting evidence of malicious software or hostile attack signatures on the at least one 
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virtual storage subsystem (Bowman Col, 75 lines 63-col. 76 lines 37). The rational for 
combining are the same as claim 40 above. 

As per claim 49, Devine and Bowman teach all the subject matter as described above. In 
addition Bowman teaches apparatus or a method, comprising virtual private network 
software to provide an encrypted communication channel for communication between at 
least some of said virtual machines (Bowman Col. 68 lines 7-18). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to employ the teachings of Bowman within the system of 
Devine because it would allow to prevent unauthorized access to the data during 
transmission (Bowman Col. 68 lines 7-18). 

As per claim 50, Devine and Bowman teach all the subject matter as described above. In 
addition Bowman teaches apparatus or a method comprising virtual private network 
software to provide an encrypted communication channel for communication between at 
least one virtual machine and an external computer (Bowman Col. 68 lines 7-18, and col. 
75 hnes 63-col. 76 lines 37). The rational for combining are the same as claim 49 above. 

As per claim 51, Devine and Bowman teach all the subject matter as described above. In 
addition Bowman teaches apparatus, comprising virtual private network software to 
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provide an encrypted communication channel for communication between a first virtual 
network and a second virtual network (Bowman Col. 68 lines 7-18, Fig. 36 No. 3602, No 
3604VPH and col. 75 lines 63-col. 76 lines 37). The rational for combining are the same 
as claim 49 above. 

As per claim 52, Devine and Bowman teach all the subject matter as described above. In 
addition Bowman teaches apparatus, comprising virtual private network software to 
provide an encrypted communication channel for communication between a virtual 
network and external computer (Bowman Col. 68 lines 7-18, and Fig. 36 No. 3602, No. 
3604VPH, and Internet Dial-Up). The rational for combining are the same as claim 49 
above. 

8. Claims 1-3, 10-1 1, 13, 18-22, 28-29, 31, 36, 54-55 and 56-61 are rejected 

under 35 U.S.C. 103(a) as being unpatentable over Bugnion et al. (Bugnion, US Patent 
Number 6,075,938) in view of Derks (US Patent Number 6,810,033 B2). 

As per claim 1, and 20, Bugnion teaches apparatus or a method providing one or more 
computer services for a plurality of customers (Bugnion Col. 6 lines 6-35), the apparatus 
comprising a real computer on which is set up of each of said customers at least one 
virtual machine for each of said customers (Bugnion Col. 5 lines 1-13), said at least one 
virtual machine for each of said customers having a specification specified by (Bugnion 
col. 7 lines 54-58, and col. 14 lines 1-64) and configurable by the respective customer 
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and having an operating system running thereon (Bugnion col. 7 lines 54-58, and col. 14 
lines 1-64), 

Bugnion does not explicitly teach set up request of each of said customers, However, 
Derks discloses set up request of each of said customers to set up 

virtual connections (Derks col. 5 lines 16-55, and col. 3 lines 7-12), 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to employ the teachings of Derks with in the system of 
Bugnion because it would allow to identify the gateway with the internet address carried 
by the set up request message and transmit data over the connection in order to address 
one out of more terminals connected to the remote gateway and set up a virtual 
connection (Derks Col. 5 lines 16-55). 

As per claim 54, Bugnion teaches a method of providing for a plurality of customers one 
or more computer services selected from: file, data and archiving services; applications 
hosting services; database hosting services; data warehouse services; knowledge 
management hosting services; digital media production services; "intellectual property" 
and streaming media services; simple web hosting services; complex e-commerce web 
hosting services; high performance computation services; electronic messaging and 
conferencing services; and, learning neuro-computer services (Bugnion Abstract); the 
method comprising the steps of 
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setting up on a real computer of each of said customers at least one virtual 
machine for each of said customers (Derks Col. 5 lines 16-55, and col. 3 lines 7-12), said 
at least one virtual machine for each of said customers having a specification determined 
in accordance with the computer service, and being configurable by said consumer 
(Bugnion col. 7 lines 54-58, and col. 14 lines 1-64), said at least one virtual machine 
having an operating system running thereon (Bugnion col. 7 lines 54-58, and col. 14 lines 
1-64). 

Bugnion does not explicitly teach set up request of each of said customers, 

However, Derks discloses setting up on a real computer at the request of each of 
said customers at least one virtual machine for each of said customers (Derks Col. 5 lines 
16-55, and col. 3 lines 7-12), 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to employ the teachings of Derks with in the system of 
Bugnion because it would allow to identify the gateway with the internet address carried 
by the set up request message and transmit data over the connection in order to address 
one out of more terminals connected to the remote gateway and set up a virtual 
connection (Derks Col. 5 lines 16-55), 

As per claims 2, and 21, Bugnion and Derks teach all the subject matter as described 
above. In addition Bugnion teaches apparatus or method, wherein plural virtual machines 
are set up within the real computer for at least one of said customers (Bugnion Col. 6 
lines 6-35, and col. 5 lines 1-13). 
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As per claims 3, and 22, Bugnion and Derks teach all the subject matter as described 
above. In addition Bugnion teaches apparatus or a method, wherein the or each virtual 
machine for at least one of said customers is connected to a virtual network set up for 
said at least one customer within the real computer (Bugnion Col. 15 lines 54-col. 16 
lines 12). 

As per claims 10, and 28, Bugnion and Derks teach all the subject matter as described 
above. In addition Bugnion teaches apparatus or a method, comprising a plurality of real 
data storage devices and at least one virtual storage subsystem that is configured to allow 
said real data storage devices to emulate one or more virtual storage devices (Bugnion 
Col. 5 lines 1-28, and col. 7 lines 38-48). 

As per claims 1 1, and 29, Bugnion and Derks teach all the subject matter as described 
above. In addition Bugnion teaches apparatus or a method, wherein the at least one 
virtual storage subsystem is configured to emulate at least one respective virtual storage 
device for each customer (Bugnion Col. 5 lines 1-28, and col. 7 lines 38-48), 

As per claims 13, and 31, Bugnion and Derks teach all the subject matter as described 
above. In addition Bugnion teaches apparatus or a method, wherein the apparatus is 
configurable to provide at least one of the services selected from: file, data and archiving 
services; applications hosting services; database hosting services; data warehouse 
services; knowledge management hosting services; digital media production services; 
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^'intellectual property" and streaming media services; simple web hosting services; 
complex e-commerce web hosting services; high performance computation services; 
electronic messaging and conferencing services; and, learning neuro- computer services 
(Bugnion Abstract). 

As per claim 18, Bugnion and Derks teach all the subject matter as described above. In 
addition Bugnion teaches apparatus, wherein the real computer comprises plural physical 
computers (Bugnion Col. 6 lines 6-35). 

As per claim 19, Bugnion and Derks teach all the subject matter as described above. In 
addition Bugnion teaches in combination, a first apparatus and a second apparatus that is 
substantially identical to said first apparatus, the first and second apparatus being 
connected by a communications channel so that the second apparatus can provide for 
redundancy of the first apparatus thereby to provide for disaster recovery if the first 
apparatus fails (Bugnion Col. 5 lines 40-47). 

As per claims 36, and 55, Bugnion and Derks teach all the subject matter as described 
above. In addition Bugnion teaches a method, comprising the step of moving said at least 
one virtual machine from a first real computer to a second real computer (Bugnion Col. 4 
lines 51-67). 

As per claims 56 and 59, Bugnion, and Derks teach all the subject matter as described 
above. In addition Bugnion teaches an apparatus/method wherein at least one of said 
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virtual machines provides at least a virtual central processor unit (Bagnion col 
65 and col. 4 lines 14-38). 

As per claims 57, and 60 Bugnion, and Derks teach all the subject matter as described 
above. In addition Bugnion teaches an apparatus/method, wherein at least one of said 
virtual machines is created using a virtual machine abstraction program (Bagnion col. 1 1 
lines 58-59, and col 12 lines 20-25). 

As per claims 58, and 61 Bugnion, and Derks teach all the subject matter as described 
above. In addition Bugnion teaches an apparatus/method, wherein at least one of said 
virtual machines is created using machine simulation/emulation software (Bugnion col. 
10 lines 55-64, and col. 4 lines 14-38). 

9, Claims 4-9, 12, 14-17, 23-27, 30, 32-35, and 40 are rejected under 35 

U.S.C. 103(a) as being unpatentable over Bugnion et al. (Bugnion, US Patent Number 
6,075,938) in view of Derks (US Patent Number 6,810,033 B2), and in further view of 
Bowman- Amuah (Bowman, US Patent Number 6,697,824 Bl). 

As per claims 4, and 23, Bugnion and Derks teach all the subject matter as described 
above. 



Page 



. 8 lines 56- 
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Bugnion and Derks do not explicitly teach apparatus or a method, comprising a 
virtual intrusion detection device for detecting an attack on the virtual network. 

However Bowman teaches a virtual intrusion detection device for detecting an 
attack on the virtual network (Bowman Col. 75 lines 63-col. 76 lines 37). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to employ the teachings of Bowman within the combination 
system of Bugnion and Derks because it would allow to audit services and identify 
vulnerabilities (Bowman Col. 75 lines 63-col. 76 lines 37). 

As per claims 5, and 24, Bugnion, Derks, and Bowman teach all the subject matter as 
described above. In addition Bowman teaches apparatus or a method, wherein at least one 
virtual machine is connected to a virtual firewall (Bowman Fig. 36 Number 3604) that is 
connectable to an external network to which customers and/or other users can connect 
such that access to said at least one virtual machine by a customer or other user via a said 
external network can only take place through a virtual firewall (Bowman Fig. 36, and col. 
75 lines 63-col. 76 lines 37). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to employ the teachings of Bowman within the combination 
system of Bugnion and Derks because it would allow to control access at entry points 
into both the network and the customer location, and restrict access to more sensitive 
servers on the internal network, web pages, files, and directories (Bowman Col. 76 lines 
19-36). 
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As per claims 6, and 25, Bugnion, Derks, and Bowman teach all the subject matter as 
described above. In addition Bowman teaches apparatus or a method, wherein the or each 
virtual machine for a particular customer is connected to a virtual firewall that is 
dedicated to that customer's virtual machine or machines, each virtual firewall being 
connectable to an external network to which each of said customers and/or other users 
can connect such that access to a virtual machine by a customer or other user via a said 
external network can only take place through a virtual firewall provided for that virtual 
machine or machines (Bowman Fig. 36, and col. 75 lines 63-col. 76 lines 37). The 
rational for combining are the same as claim 5 above. 

As per claims 7, and 26, Bugnion, Derks, and Bowman teach all the subject matter as 
described above. In addition Bugnion teaches setup within the real computer (Bugnion 
Col. 5 lines 1-13), and 

Bowman teaches apparatus or a method, wherein each virtual firewall is set up 
within the real computer (Bowman Col. 75 lines 63-col. 76 lines 5), the or each virtual 
machine for each customer being connected to a first port of the virtual firewall (Bowman 
Fig. 36 No. 3604) that is dedicated to that customer's virtual machine or machines, each 
virtual firewall having a second port connected to a virtual network (Bowman Fig. 36 No. 
3604) that is set up within the real computer and that is connectable to an external 
network (Bowman Col. 75 lines 63-col. 76 lines 37, and Fig. 36). The rational for 
combining are the same as claim 5 above. 
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As per claims 8, and 27, Bugnion, Derks, and Bowman teach all the subject matter as 
described above. In addition Bowman teaches apparatus or a method, wherein the second 
port of each virtual firewall (Bowman Fig. 36 No. 3604) is connected to the same virtual 
network that is set up within the real computer and that is connectable to an external 
network (Bowman Fig. 36 No. 3604, and Internet Dial-up). The rational for combining 
are the same as claim 5 above. 

As per claims 9, Bugnion, Derks, and Bowman teach all the subject matter as described 
above. In addition Bowman teaches apparatus, wherein the or at least one of the virtual 
firewalls is implemented by a virtual machine on the real computer, said virtual firewall 
virtual machine running firewall software (Bowman CoL 75 lines 63-col. 76 Hnes 37). 
The rational for combining are the same as claim 5 above. 

As per claims 12, and 30, Bugnion, Derks, and Bowman teach all the subject matter as 
described above. In addition Bowman teaches apparatus or a method, comprising a 
detection device for detecting evidence of malicious software or hostile attack signatures 
on the at least one virtual storage subsystem (Bowman Col. 75 lines 63-col. 76 Hnes 37). 
The rational for combining are the same as claim 4 above. 
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As per claims 14, and 32, Bugnion, Derks, and Bowman teach all the subject matter as 
described above. In addition Bowman teaches apparatus or a method, comprising virtual 
private network software to provide an encrypted communication channel for 
communication between at least some of said virtual machines (Bowman Col, 68 lines 7- 
18). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to employ the teachings of Bowman within the combination 
system of Bugnion and Derks because it would allow to prevent unauthorized access to 
the data during transmission (Bowman Col. 68 lines 7-18). 

As per claims 15, and 33, Bugnion, Derks, and Bowman teach all the subject matter as 
described above. In addition Bowman teaches apparatus or a method comprising virtual 
private network software to provide an encrypted communication channel for 
communication between at least one virtual machine and an external computer (Bowman 
Col. 68 lines 7-18, and col. 75 lines 63-col. 76 lines 37). The rational for combining are 
the same as claim 14 above. 

As per claims 16, and 34, Bugnion, Derks, and Bowman teach all the subject matter as 
described above. In addition Bowman teaches apparatus, comprising virtual private 
network software to provide an encrypted communication channel for communication 
between a first virtual network and a second virtual network (Bowman Col. 68 Unes 7-18, 
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Fig. 36 No. 3602, No. 3604VPH and col. 75 lines 63.col. 76 lines 37). The rational for 
combining are the same as claim 14 above. 

As per claims 17, and 35, Bugnion, Derks, and Bowman teach all the subject matter as 
described above. In addition Bowman teaches apparatus, comprising virtual private 
network software to provide an encrypted communication channel for communication 
between a virtual network and external computer (Bowman Col. 68 lines 7-18, and Fig. 
36 No. 3602, No. 3604VPH, and Internet Dial-Up). The rational for combining are the 
same as claim 14 above. 

8. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time poHcy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1, 136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the date of this final action. 
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9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Eleni A. Shiferaw whose telephone number is 571-272- 
3867. The examiner can normally be reached on Mon-Fri 8:00am-5 :00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 




